Dec 15 2021 08:06 AM - last edited on Jan 14 2022 03:23 PM by TechCommunityAP
The question is regarding authentication(s) in Azure AD for this set-up. To comply with security requirements, the customer has enabled MFA for their tenant and we have enabled MFA for our service hosted in our subscription in our tenant, which means that the end users (customers) currently need to configure MFA 2 times, one time for their subscription and one time for our subscription, and this has a negative impact on end users as they need to configure and log in twice. Currently we are replicating identities from the customer's AAD to our AAD.
What options do I have other than disabling one MFA? Is there a way that I can disable one of the MFA based on certain rules? What else?
(PS: Don't ask why we are doing this replication from one subscription to the other, it will be a long story)
Dec 15 2021 11:35 PM - edited Dec 15 2021 11:35 PM
Solution
Hi @veryConfused,
So if I understand your question correctly, and if I don't, please correct me.
You have User A in Tenant A and Tenant B (I assume as a guest user)? If this is the case, then it's correct that you need to configure Azure MFA twice. The reason for this is straightforward; your (authentication) methods are configured per tenant. This means, if you have configured your Authenticator in Tenant A, it won't be synchronized to Tenant B since this is a unique user per tenant.
If you receive an invite for another environment in the future, and they have configured Azure MFA as required, you should again configure MFA for this particular tenant.
I hope this isn't @veryConfused ;-). And if you still need some help, please let me know.